Compare Cisco ASA NGFW vs. Fortinet FortiGate

Cisco ASA NGFW is ranked 2nd in Firewalls with 60 reviews while Fortinet FortiGate is ranked 1st in Firewalls with 59 reviews. Cisco ASA NGFW is rated 7.6, while Fortinet FortiGate is rated 8.6. The top reviewer of Cisco ASA NGFW writes "Enables us to to track traffic in inbound and outbound patterns so we can set expectations for network traffic". On the other hand, the top reviewer of Fortinet FortiGate writes "The IPsec tunnels are very easily created, and quite interoperable with devices from other vendors". Cisco ASA NGFW is most compared with Fortinet FortiGate, Meraki MX Firewalls and Cisco Firepower NGFW, whereas Fortinet FortiGate is most compared with Cisco ASA NGFW, Meraki MX Firewalls and Sophos UTM. See our Cisco ASA NGFW vs. Fortinet FortiGate report.
Cancel
You must select at least 2 products to compare!
Cisco ASA NGFW Logo
70,048 views|52,237 comparisons
Fortinet FortiGate Logo
167,398 views|113,713 comparisons
Most Helpful Review
Find out what your peers are saying about Cisco ASA NGFW vs. Fortinet FortiGate and other solutions. Updated: September 2019.
372,374 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros
The firepower sensors have been great; they do a good job of dropping unwanted traffic.Unfortunately in Cisco, only the hardware was good.The most important point is the detection engine which is now part of the next-generation firewalls and which is supported by Cisco Talos.The most valuable features are the flexibility and level of security that this solution provides.Integration with all the other Cisco tools is valuable.We moved from a legacy firewall to the ASA with FirePOWER, increasing our Internet Edge defense dramatically.Cisco ASA NGFW significantly improves our bank. It protects any high-value products that we use from hackers, viruses, malware, and script-bots. It gives us metrics on network traffic as well as what kind of attacks we are getting from the outside.Right now, Cisco ASA NGFW has given us a lot of improvement. We are planning to move to a new facility and will be a much larger organization.

Read more »

The most valuable feature is the VDOM, which allows the customer to have multiple firewalls in a single campus.The security features are about the best that I've seen anywhere.It blocks the vulnerabilities that can negatively impact us.Advanced routing (RIP, OSPF, BGP, PBR). It gives you a seamless and simple integration into a large network.Anti-Spam web content filterinG.This solution has solid UTM features combined with a nice GUI.This is a quality product with ok support, and it is better than the competition we've tried.The features that we have found most valuable are the SSL VPN and the User Portal.

Read more »

Cons
The software was very buggy, to the point it had to be removed.In NGFW, Cisco should be aligned with the new technology and inspection intelligence because Cisco is far behind in this pipeline.Most users do not have awareness of this product's functionality and features. Cisco should do something to make them aware of them. That would be quite excellent and useful to organizations that are still using legacy data-center-security products.There was an error in the configuration, related to our uplink switches, that caused us to contact technical support, and it took a very long time to resolve the issue.With regards to stability, we had a critical bug come out during our evaluation... not good.The product would be improved if the GUI could be brought into the 21st Century.Cisco should improve its user interface design. There is a deep learning curve to the product if you are a newcomer.There is no support here in Georgia. If something goes wrong, support is not always very helpful with the other firewalls or other products.

Read more »

Improvement is needed in the Web Filter quotas to restrict users with allocated quotas.Technical support for this solution can be improved.I would like to have logs, monitoring, and reporting for a month without extra fees.I think there could be more QoS featuresThe Web-filter in this solution is not very good.FortiOS is not simple.This product could be improved with Active directory integration and better handling in IPsec and GRE Tunnels.I use the FortiGate 60D model and realized the 300Mbps bandwidth limitation. Because it is a product that offers many services, I think it could have greater bandwidth capacity.

Read more »

Pricing and Cost Advice
Always consider what you might need to reduce your wasted time and invest it in other solutions.Watch out for hidden licensing and incredibly high annual maintenance costs.We paid about $7,000 for the Cisco firewall, plus another small Cisco router and the lead switch. It was under the combined license. It's a final agreement.The cost is a big factor for us. This is why we are using it only in our restricted area. They are very much higher than their competitors in the market.Licensing is expensive compared to other solutions.Pricing is high, but it is essentially a corporate decision.The cost is a bit high compared to other solutions in the market.Cisco recently has become very expensive.

Read more »

The pricing for this solution is good.Setup cost may be not so low, as you expect, because it depends on different factors, but TCO for 5 years may pleasantly surprise you.Before choosing a piece of equipment you have to take into account the cost-benefit offered by each one. Sometimes it is not worth paying a very cheap price to have a minimum level of security.Each feature costs money, so it is important to study your needs.I would say that all things considered, the pricing is pretty good.Fortinet is reasonable in pricing and licensing. Overall, FortiGate is affordable. The licensing fee can be a little high, depending on the budget for your project.Our licensing costs are on a yearly basis.Compared to Palo Alto, which we have used in the past, pricing and licensing are okay.

Read more »

report
Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
372,374 professionals have used our research since 2012.
Answers from the Community
Miriam Tover
Alberto E. Luna RodriguezReal User

Fortinet FGs: Great devices, relatively easy to deploy and maintain. Cheaper than most devices of their kind. If you're looking for a lot of features at a relatively low price point this is the way to go. However, beware of Fortinet's promises performance-wise, if you take this route you'll want to over-dimension your device a bit, otherwise you will not be activating the features you're buying. Stability and reliability is OK (careful with software upgrades as they tend to break some things).

Cisco ASA: My personal preference because of the peace of mind they provide (specially if it's your phone that rings every time something breaks). Not as friendly as Fortinet, takes effort deploy and maintain. They are more expensive and offer less features, but they do the work they are built for, and they do it exceptionally. If you are looking for stability, reliability and great support, and you don't mind spending some extra dollars then this is the way to go, Firepower adds some of the missing features that other vendors offer, but not as well integrated IMO. They are improving on that regard, but still lag behind other vendors with UTM devices.

18 December 18
KevinRobertsConsultant

Cisco has been playing catchup for years with regards to firewalls, they still don't have it. Personal preference is PA however I would also recommend Fortinet hands down over the Cisco ASA if my job depended on it.

17 December 18
Vejai SammyUser

Cisco ASA is an excellent product if you don't need UTM capabilities and will be leveraging other security solutions to complete your security architecture. We recently replaced our ASA with Fortinet as the latter provided a UTM device that was more inline with our strategy to simplify our architecture and operations. The Fortinet VDOM approach is miles ahead of Cisco providing flexibility in how we deploy our security appliance which would be much more difficult with the ASA. Even though we are a Cisco shop, the FortiGate has proven to be easier to manage and gets the job done, no issues after almost 1 year of operation. Other benefits include the lower cost, less complexity in licensing and the FortiOS Security Fabric which can extend seamlessly to incorporate switches and APs allowing you to easily build out your security infrastructure and manage it all through a single pane of glass with FortiAnalyzer and FortiManager integrated into the box. What more can you ask for?

24 June 19
Network Engineer with 201-500 employeesReal User

1. The biggest difference between the two is the pricing. You can get a higher model of FortiGate with all the bells and whistles for a quarter of the price of the basic model of the Cisco Firepower (cisco's next gen firewalls).
2. Cisco ASA will be end of production pretty soon. I am unsure if they will continue to sell the ASA with Firepower bundle.
3. The only upside of buying Cisco these days is for the TAC support which of course comes with a huge cost of smartnet support cost.
4. The down side of FortiGate is that their support isn't as great as Cisco. So if you know what you are doing you can get by with FortiGate just fine and save a bunch of money in the process. It is not that difficult to work with FortiGate.
5. My suggestion is do a Proof of Concept with both the hardware on site and evaluate the performance and ease of use. Your sales rep for Cisco and FortiGate should be able to get you a demo device.
6. Also key when choosing a firewall is understanding the nature of your traffic. For example: My previous company dealt with a lot of bid traffic which are really small packets but in large numbers and the Palo Alto firewall that we brought for almost $500K could not handle it, hence do your due diligence and understand the traffic that will be passing through the firewall.
7. Evaluate the firewall to see if it can handle east-west traffic security (zero trust deployment).

19 December 18
VinodPolReal User

In Comparison between Cisco ASA and Fortinet, I can recommend always Fortinet is Ahead of Cisco. Being deployed both firewalls into our managed environment I have better experience with Fortinet,
1. FortiGate Hardware is seen to be providing better performance in front of Cisco where Hardware issues are almost NIL. Failover between devices is seamless comparing Cisco ASA
2. The port density and type (Copper/fiber) comes along with Any FortiGate hardware at his throughput comparison level is high and you will have privilege to deploy firewall in your customize scenarios. Which further gives cost advantage.
3. The VDOM management concept is one of the differentiated factor where manageability and sharing firewall in multi environment projects is saves cost.
4. Forti manager and Forti analyzer are best to manage multiple firewalls in single pane.
5. Both firewalls Support most NGFW features. But I feel FortiGate is superior with respect to management of policies, IP based, user based, DNS based and application based.
6. Support wise FortiGate is seen advance in front of Cisco TAC.
7. Mainly, you will not see or less IOS bugs, vulnerabilities in Foregate where Cisco you have to constant keep upgrading with frequent IOS releases.
8. You will see more API integration options with FortiGate than ASA to customize, automate some of the operational cases.

18 December 18
COO/CTO at a pharma/biotech company with 11-50 employeesReal User

Before I respond completely, does it matter if the bandwidth is compromised while all firewall apps are active?

My experience with Fortinet was heavy overhead while their firewall apps were active. This was with a 1GHz Verizon FIOS business account (1 GHz up AND download). Hardwired endpoints and WiFi connections using Fortigate APs were under 20 devices. We were below 100 MHz and was confirmed with my 3rd party whom I had a 5 day a week 8 hours/day support account. That is a greater than 90% overhead. The Fortinet device was a 90-D router - that was overkill for what my company size was and yet, still had that performance.

17 December 18
Jefferson LoiseauUser

In order to answer that question a few things needs to be understood about the current environment.

For small to medium business where funding is a concern, the Fortinet are a very good long term solution. If you are deploying an External and Internal environment, you could leverage a combination of both where the Cisco ASA is on the internal and Fortinet on the external.

Fortinet’s are easier to deploy and there security approach is top end.

ASA are a bit more difficult and with the FirePower are known to be an issue when deploying and pushing out policies.

I’d be more inclined to go with the Fortinet’s than ASA’s is staff and resources are limited.

17 December 18
Goumou FerdinandReal User

Hello, I recommend Cisco ASA, it is very consistence, powerful, flexible and interoperability that is the main goal of Cisco products. I always recommend to my client ASA if they need Firewall only.
Fortigate is a good product, easy to implement and manage, it is also less expensive compare to ASA, I most of the time recommend Fortinet to a client who have limited budget for security, so by choosing Fortigate, the client can use the other services such as antivirus, malware protection, application control and so on.
So in summary the choice is not made base on the device, but base on the customer infrastructure, budget and technical resource they have to manage the devices.

Cheers,

20 December 18
Ranking
2nd
out of 50 in Firewalls
Views
70,048
Comparisons
52,237
Reviews
57
Average Words per Review
309
Avg. Rating
7.9
1st
out of 50 in Firewalls
Views
167,398
Comparisons
113,713
Reviews
56
Average Words per Review
365
Avg. Rating
8.6
Top Comparisons
Compared 38% of the time.
Compared 18% of the time.
Compared 11% of the time.
Also Known As
Cisco ASA, Adaptive Security Appliance, ASAFortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate
Learn
Cisco
Fortinet
Overview

Adaptive Security Appliance (ASA) is Cisco's end-to-end software solution and core operating system that powers the Cisco ASA product series. This software solution provides enterprise-level firewall capabilities for all types of ASA products, including blades, standalone appliances and virtual devices. Adaptive Security Appliance provides protection to organizations of all sizes, and allows end-users to access information securely anywhere, at any time, and through any device.

Adaptive Security Appliance is also fully compatible with other key security technologies, and so provides organizations with an all-encompassing security solution.

Block more threats and quickly mitigate those that do breach your defenses with the industry’s first threat-focused NGFW.

The FortiGate family of NG firewalls provides proven protection with unmatched performance across the network, from internal segments, to data centers, to cloud environments. FortiGates are available in a large range of sizes and form factors and are key components of the Fortinet Security Fabric, which enables immediate, intelligent defense against known and new threats throughout the entire network.

Offer
Learn more about Cisco ASA NGFW
Learn more about Fortinet FortiGate
Sample Customers
There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.Pittsburgh Steelers, LUSH Cosmetics, NASDAQ, Verizon, Arizona State University, Levi Strauss & Co. Whitepaper and case studies here
Top Industries
REVIEWERS
Financial Services Firm17%
Comms Service Provider11%
Manufacturing Company11%
University8%
VISITORS READING REVIEWS
Software R&D Company28%
Comms Service Provider15%
Media Company8%
Manufacturing Company6%
REVIEWERS
Comms Service Provider11%
Financial Services Firm11%
Healthcare Company9%
Real Estate/Law Firm9%
VISITORS READING REVIEWS
Software R&D Company21%
Comms Service Provider14%
Cloud Provider7%
Media Company7%
Company Size
REVIEWERS
Small Business36%
Midsize Enterprise25%
Large Enterprise38%
VISITORS READING REVIEWS
Small Business36%
Midsize Enterprise24%
Large Enterprise40%
REVIEWERS
Small Business49%
Midsize Enterprise25%
Large Enterprise26%
VISITORS READING REVIEWS
Small Business53%
Midsize Enterprise29%
Large Enterprise18%
Find out what your peers are saying about Cisco ASA NGFW vs. Fortinet FortiGate and other solutions. Updated: September 2019.
372,374 professionals have used our research since 2012.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Sign Up with Email